On Tue, Jan 11, 2005 at 01:42:51PM -0800, Chris Wright wrote:> > But I'm also still not convinced this policy can't be most flexibly> > handled by a setuid helper together with the mlock rlimit.> > Wait, why can't it be done with (to date fictitious) pam_prio, which> simply calls sched_setscheduler? It's already privileged while it's> doing these things...

You certainly do not want to run everything at RT from login on.That'd be bad.

Also, tying to UIDs rather than (UID, executable) is worrisome asrandom_game_with_audio in Gnome might decide it needs RT, much to theadmin's surprise.